PHP - Changing Session Behavior

Introduction

You can alter PHP's default session-handling behavior in a number of ways.

The php.ini file contains several configuration directives that you can alter:

Directive
Description
session.cookie_lifetime

How long the session cookie should last for (in seconds).
The default is zero, which expires the cookie when the browser is quit.
session.cookie_path

The path field for the session cookie.
Defaults to " /" (the entire site).
session.cookie_domain

The domain field for the session cookie. Defaults to " " (the current server).
Change this if you want the session to be available to more than one host in the same domain.
session.cookie_httponly


The HttpOnly field for the session cookie.
Defaults to false.
Change this to true if you want to prevent JavaScript from accessing the session cookie.
session.auto_start

Defaults to false.
Change it to true, and PHP automatically starts a session the moment your script starts executing

You can either alter these directives directly in your php.ini file, if you have access to it.

Or you can set them on a per-script basis using the ini_set() PHP function:

ini_set(" session.cookie_lifetime" , 1200);  // Set session timeout to 20 minutes

Related Topic